Re: draft-josefsson-sasl-external-channel-01

[Nicolas Williams <Nicolas.Williams@xxxxxxx>]

On Tue, Apr 14, 2009 at 09:56:59AM +0200, Simon Josefsson wrote:
> Jeffrey Hutzelman <jhutz@xxxxxxx> writes:
> > I think you have to encode the type of channel to be used for this in
> > the mechanism name, so that it becomes part of the input to mechanism
> > selection.  It would be poor for a client to select EXTERNAL-CHANNEL
> > thinking it's going to get to use credentials from one channel type,
> > only to discover that the server only supports some different type.
> >
> > Unfortunately this does mean you need to register a distinct name for
> > each channel type, but I think that's unavoidable anyway.  The thing
> > we're interested in here is a channel type, not a channel binding
> > type.
> 
> I agree with that.  I have re-read the discussion around
> external-channel-00 and it also leaned towards that approach.
> 
> Thus, I believe the way forward is to define a EXTERNAL-* mechanism
> family and provide one instantiation as EXTERNAL-TLS.

+1